WordPress.com Denial of Service Attack the Work of Chinese Hackers

The large distributed Denial of Service attacks that hit the WordPress.com blog-publishing platform originated from China and did not have political motivations.

Chinese hackers may have had
commercial, not political, motivation for the large DDoS attacks that brought
WordPress.com to its knees last week.
WordPress.com was hit by a
series of distributed denial of service attacks on March 4, less than a day
after recovering from a massive attack on March 3, the company said. Parent
company Automattic managed to mitigate the attack an hour after it began in the
early morning, according to its status page.

The fourth attack in two
days came in a "different form" than the earlier attack, Automattic said. The earlier
attack, on March 3, was the largest DDoS attack in its six-year history,
and affected connectivity on its network of several million blogs, according to
site founder Matt Mullenweg.

WordPress.com appeared to
have operated normally over the weekend and reported no new issues.
WordPress.com founder Matt
Mullenweg originally speculated the attacks may have been politically motivated
and aimed at a Chinese-language blog that was on the WordPress platform but
blocked by Chinese search engine Baidu. However, on further analysis, the
primary motivation appeared to be more commercial than political, with 98
percent of the attacks originating in China, Mullenweg told ComputerWorld.
Automattic declined to
provide any additional details about the attacks.

WordPress.com sees DDoS
attacks fairly frequently, but having its three data centers spread out
geographically in Chicago, Dallas and San Antonio makes the infrastructure
strong enough to withstand most of them, according to Mullenweg. The attacks
were significantly larger than usual, with WordPress.com being pummeled by
multiple gigabits per seconds and tens of millions of packets per second, the
company wrote in a blog post for its VIP customers after the first attack.
Companies generally rely on
a geographically disparate network and a big bandwidth pipe to withstand large
DDoS attacks, Jason Hoffman, co-founder and chief scientist at cloud provider
Joyent, told eWEEK. Having as much as 50 percent more bandwidth than needed
gives companies some buffer against these kinds of attacks, he said.
With botnets and cheap
cloud-computing services at the attackers' disposal, large DDoS attacks are
becoming a possibility.
A slew of South Korean sites
were also hit with a botnet-driven DDoS attack during the same time period. The
attack targeted 29 sites, including various government ministries, the National
Assembly, sites belonging to the United States military in South Korea and
various banking services, and briefly shut down an online stock exchange. The
Korea Internet Security Agency said the attack had been traced to about 21,000
zombie PCs, according to JoonhAng
Daily, a local Korean news site.
Hackers originating from
China have been behind several major cyber-attacks recently. In a campaign
dubbed Night
Dragon by McAfee, hackers have used a combination of spear-phishing, social
engineering, Windows bugs and remote administration tools to attack five energy
companies since November 2009. A number of highly sensitive documents,
including bid negotiations, oil and gas field exploration reports, and
operational detail on SCADA systems monitoring oil and gas field
production, have been stolen from these unnamed companies, according to
McAfee. The attacks on these unnamed companies in the oil, energy and
petrochemical sector is still ongoing.
Google announced in January
2010 it was hit by Chinese attackers over a six-month period in what McAfee
called Operation Aurora. In this operation, attackers rifled through Gmail
account information for several human rights activists in China. Confidential
HBGary e-mail leaked by hacktivist group Anonymous indicated Morgan
Stanley may also have been targeted by the Aurora hackers.
The Chinese government has
vehemently denied each of these accusations. "The allegation that China
supports hacking is groundless," foreign ministry spokesman Ma Zhaoxu told
reporters during a regular briefing in February, according to the Associated Press.